Domain Name security has changed in recent years – have your procedures?
With the average company having a handful or two of domain names, it pays to make sure that you’ve taken the necessary steps to keep them secure. We’ve covered some of this in previous blog posts, but this post focuses on how easy theft can be in some situations. You can avoid many nasty (and potentially costly) situations by paying attention to your digital assets and making sure they’re always kept up-to-date via 3/6-monthly checks.
There are many registrars out there – ideally, you should consolidate to use one reliable provider.
Make sure that your contact details with the registrar are up-to-date, that you’re using a strong password, that your recovery question and answer are genuinely hard to guess (social engineering is impressive, and people reveal a lot about themselves online – don’t make it easy!), and that 2FA (Two-Factor Authentication) is enabled, so that your assets are under lock-and-key. From there, depending on your hosting and requirements, it’s worth looking into functionality such as DNSSEC, which can reduce the risk of DNS hijacking and other nasty attacks.
John in Marketing may have “grabbed a domain”. Did they use the right details?
If you had a promotion, conference or similar at some point and needed a domain quick-smart, you may have asked a staff member to sort it out. That’s well and good. However, if they didn’t do their homework and make sure they were specifying the right details at the time of order, your staff member (who might’ve moved on by now, who knows) could be bound to the domain name. The details provided on order are used to form a domain’s “Whois contacts”, which determine where domain-specific alerts and other notices are sent. Those details are NOT updated when you update your contact details with the registrar, as your registrar account could in theory house many domains for different companies (especially relevant for digital agencies, law firms, etc).
Our competitors have domains registered that could be hijacked in less than 10 minutes – scary!
We’re always keeping an eye on our competitors, including what they’re up to, where they’re focusing their energy, and what they’re neglecting to stay on top of. Scarily, we’ve found domains belonging to high-profile Hosting and Cloud companies in Australia where anyone could very easily hijack their domains and take control. This can be done where the “registrant Whois contact” refers to an email address attached to a domain name that is no longer registered.
Example: domaina.com.au is registered to Company A, whose main website is companya.com.au. The registrant for domaina.com.au is “Joe Bloggs”, with an email address at domainb.com.au. All looks fine? It would, however domainb.com.au was let go (expired) years ago as Company A weren’t using it. Malicious actors could register domainb.com.au, create that email address, request the domain’s password from auDA (in real-time) then use that password to transfer the domain name to be under their control. If domaina.com.au is being used by Company A, they’d be left empty-handed and rather embarrassed.
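An added example (not from the original post): a check you could run during the 3/6-monthly review over an export of your own registrar portfolio, flagging any domain whose registrant contact email sits on a domain you no longer hold or that is close to expiry. The CSV layout, column names, sample rows and the 90-day threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are assumptions, not a registrar format.
PORTFOLIO_CSV = """domain,registrant_email,expires
companya.com.au,domains@companya.com.au,2031-05-01
domaina.com.au,joe.bloggs@domainb.com.au,2030-11-20
domainc.com.au,hostmaster@mail.domaind.com.au,2030-08-30
domaind.com.au,domains@companya.com.au,2030-03-10
"""


def audit_registrant_contacts(portfolio_csv, today, warn_days=90):
    """Map each domain to (status, mail_host) for its registrant contact email.

    NOT_HELD : the mailbox's domain is not in the portfolio (lapsed or third
               party), so confirm by hand that you still control it
    EXPIRED  : the mailbox's domain is in the portfolio but past its expiry
    EXPIRING : the mailbox's domain expires within warn_days
    OK       : the mailbox's domain is held and not close to expiry
    """
    rows = list(csv.DictReader(io.StringIO(portfolio_csv)))
    expiry = {r["domain"].lower(): date.fromisoformat(r["expires"]) for r in rows}
    findings = {}
    for r in rows:
        mail_host = r["registrant_email"].rsplit("@", 1)[-1].strip().lower()
        # The mailbox may live on a subdomain, so match on the held parent domain.
        parent = next(
            (d for d in expiry if mail_host == d or mail_host.endswith("." + d)),
            None,
        )
        if parent is None:
            status = "NOT_HELD"
        elif expiry[parent] < today:
            status = "EXPIRED"
        elif expiry[parent] - today <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        findings[r["domain"].lower()] = (status, mail_host)
    return findings


if __name__ == "__main__":
    for name, (status, host) in audit_registrant_contacts(
        PORTFOLIO_CSV, today=date(2030, 2, 1)
    ).items():
        print(f"{name:20} {status:9} contact mail domain: {host}")
```

Anything other than OK means the Whois contact on that domain should be moved to a mailbox on a domain you hold long-term, or the mail domain renewed, before the next review.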
If our competitors in the Hosting and Cloud space are vulnerable, you can see why many companies are too. Be careful!